Such as? Will the application use some kind of device level PGP, or another independent encryption standard, with the keys being held by the user? If we take it less literally, are they simply saying they'll try and care more than other nations, which is such a low bar, it's a limbo bar set 3 metres off the ground. It's not private unless the person in question getting verified, has 100% of the control, and since Age Verification is all about side stepping user rights, the contradictory statements of "highest privacy standards in the world", and "age verification app", are just comically opposed.

How do I know you didn't write the code?

1. Formatting, no human, formats the code in an unreadable structure.
2. Complexity, out of the X ways to write something, you picked the machine like way, every time?
3. Obscurity, you don't understand what the code is doing because I don't, no one does, it's terrible!
4. Lack of useful comments, why didn't you comment the extremely complex thing you did?
5. Structure, only a machine would structure the files and layout the way they are.
6. Speed, you generated the code in 1-day, it should have taken at least 3, probably 5-days to write.
7. Lack of useful test cases, where are they? The ones that it generated don't test anything, explain!
8. GIT, seriously, just look at your GIT history, I know the AI generated the code and the history, you didn't even review it.

I'm not anti-AI, it has its use cases, but I'm very much against AI when you're vibe coding, and being clueless. Use AI when you need to figure out why a loop is slow, maybe you wrote O(m*n*k) complexity, when you could have written O(m+n), I've done that. I've had AI figure out that it was possible to do the task in O(m+n). What I didn't let it do, was haul ass and rewrite the entire code base, I had it optimize the loop, and explain where I made an error, and how. I commented the code, with ~30 lines of comments explaining the fix.

The other way you can know if someone used AI, did they use a really obscure function / keyword? Two-weeks ago I was reviewing code, and came across a method I've never seen, but fair enough, it happens. I looked up the method in MDN, and ya, it was basically useless. I don't remember what it was, and I made the developer change it out for a standardized modern method, which oddly enough he couldn't do.

Well it can be a positive, I think it's actually a negative that AI is built into everything. I've said this many times that I think 50% of your code base should be comments, explaining what you were thinking, why, your steps to implement a solution, your logic for breaking the problem down, and things like that. You might make an error, you might write something in a less-than-ideal implementation, but I'll know why, and how you did that. With AI, you don't get that, and it's important to know. If the code breaks in 5-years, are you going to remember how your thing worked? Will the next guy if you're not here? Why make the job harder for no reason?

The AI does not write bulletproof code. It does not generate expert solutions, and it certainly does not understand what it's generating. If you use AI to write your code, you still take ownership of it, and are still accountable for it, and that's critical. You can't even ask the AI to comment the code, in the majority of cases it can't generate comments outside the meme "This is a stop sign". I know it's a stop sign, why is it red? Why is it the shape it is? Why is it reflective? How does it handle a low light case? How does it handle bright and sunny conditions? Why is the text white? Why it is positioned at the height is it? All of these should be in the comments, that's what developer need.

If you think comments are bad, or good code doesn't need commenting, you're just wrong.

Yep, 100%.

I'm honestly sitting here trying to think of a time when I could say GitHub was a decently good, and usable product, and I can't. GitHub is a case study with how to screw up a simple and powerful tool like Git. All the added tooling, features, AI nonsense, bloat, and commercialization, at the hands of a company, Microsoft, who have failed in specular fashion to produce usable anything, in years, what do you expect?

Git does not need the bloat, it's a simple and powerful tool you run on the command line, with optional server access. You can throw a GUI onto that, to help automate some annoying, but simple, tasks, and there you go. Standing it up into a CI/CD/DevOps/InfoSec dumpster bomb, was never going to lead to a useful product for anyone.

Instead of sending these people to jail, we should be waking up and realizing that we don't take data security seriously. There is no reason for Power School to store that much information about people, and ignoring that volume of information, why wasn't it encrypted with multiple layers of protection, and kill switches? The same goes for countless companies, you can't just store information, you need to protect it, and protection means it's unusable to anyone but the intended party.

It's not even enough to use AES-256-GCM, you need to layer the encryption, you need multiple systems to preform deep level verification, chains of trust, signing, identity validation, GEO locks, and keep that shit tighter then a nuns nasty. This careless, care free, it's someone else's problem, has to stop!

It's time for governments to step up and stop treating cybersecurity like it's the 1980s. We need hard rules, restrictions and regulations that make data so unapproachable and secure, you don't want to store even 1 extra bit that you don't need to.

I loved my Zip drive, I don't remember when or where I brought it, but it was AWESOME. I still have it, without disks, it's purple, I think, it might be blue purple, so some might call it blue, and it uses FireWire, which is why "working" is in quotes. I had disks for it, a nice stack of them, but I don't know where they are, and I might have thrown them out.

My computer had a Zip drive and a CDRW drive, that only worked with Sony CDRW+ disk in the yellow plastic cases, any other disk wouldn't burn, and I never knew why. It could read any CD, but could only burn to those specific yellow cases disks, which I could buy in the 100s, so it didn't really matter.

For context, I was in grade 8 in the year 2000, and I was using the good old Zip drive back then. In high-school, I used to carry it in my backpack since the computers were locked down and didn't let you insert USB keys, so I would often wire it up to transfer files around. It was reasonably fast back then, in comparison to everything else, I used it into college and university, with the same disk stack. I started college in 2006, university in 2009, probably stopped using it as a daily driver in 2015, only because it made no sense, USB was fast enough that was that. I loved that drive.

I also work as the head of a technology company, not the CTO, but high enough I could offline the company and bankrupt it tonight. I've worked here for 10+ years, and we've grown from three people to eighteen, and I know that's a hilariously small number still for the size of our company.

Here's my honest rules for when to hire:

1. Is anyone taxed continuously above 85%?
2. Do we have single points of critical failure?
3. Do we have critical infrastructure not covered with a backup person?
4. If someone leaves for vacation, is the company standing still?
5. If a client demands support on a weekend, can someone help?
6. Can someone reach an expert in their team at the company reliably?

If at any point I feel there is a gap that could introduce a lack of trust, support, or safety, we hire. If I feel that the infrastructure is at risk, we hire. Importantly, we never hire, just to hire, you need a role to go into, and you need responsibilities you'll manage. No one gets hired to sit on their ass, and no one gets hired just because head counts look good.

Just in case you're wondering if I could actually offline the company tonight no, I wrote all of our DevOps, and CI/CD tooling from scratch. If Azure went offline tonight, it would take ~1-hour to stand everyone back up on another cloud provider, with two commands from our tooling. It would take three people to offline the company, since I built in a forced approval mode, and everything is backed up properly in three locations, one of which I can't access, to prevent me from nuking all sources. I can request access, but it takes the owner, and a tech lead to both approve access.

I know companies our size who have hundreds of people. What I can't figure out is why, a person is expensive, let's assume 90k / head, on average, 11 people is $1-million / year. Hyperscale size is a different mindset, definitely, but 5000+ employees, again, just seems weird.

Regardless if we're talking about 30, or 300 people, I just can't figure out or wrap my head around 5260. When I worked at BlackBerry (Research in Motion, back then), some teams had four people on them, with four manages in the stack, reporting to their own VP, thats what this sounds like for that many employees.

I worked in QA, and above me, from memory, was Rob (Manager), Sue (Director), Mike (VP), then shift to the Project Management team, dear lord. In that team, I reported to a team of people, around 12, who managed communicating with some app developers. To report a bug / issue in an application, I had to file the bug report, include Rob, and wait. It took over a week before I would get a response, and it was always the same, "We need additional information.". Eventually, I snapped at the chain in an email, and started to email the app developers directly. I took a 5+ days process, down to 10-minutes, with better communication and better outcomes.

One day I removed 15 people from a process, and still CC'd my manager, and it was fine. The chain of communication had no value, and I'm not being rude, I'm being honest. We used to hold meetings, to plan the meeting, which planned the meeting, with 20 people on a call in multiple time-zone, all so I could get a response from a developer in a different company. The project management team would frequently modify my messages and requests, destroying them. At every meeting I was mangsplained what words meant, incorrectly.

The actual fallout from doing that, was pure rage from multiple teams, managers, directors and VPs. I had to sit in a meeting with a board of executives to explain myself. I still remember that meeting, and answering back to a furious VP (paraphrased): "Interjecting multiple teams and people, into a chain that I need to have control over is not only hurting communication, it's making it impossible. The developers are happier, they like taking to me directly, since we can get things done, which no one else can seem to do. Last week we had a meeting where a bunch of people argued me on an email I wanted to send, destroying the question so it could sound "professional", and then refusing to send it because it was a bad time. The developer and I resolved that issue within 20-minutes, over email, before lunch yesterday, and it's all recorded in email, with Rob CC'd, so stop this stupidity, this is not a functional environment.". That's very close to what I said, not a direct quote, but very close.

VP Grumpy demanded to see the email I wanted to send, read it, then yelled at the PM lady who refused to send it. I'm not joking that by this point we maybe had 40 people involved, 40 people for me to email an app developer. If they wanted insight, the email server had the logs, and emails, nothing was hidden, I CC'd my manager, so it was just literal waste. Many departments worked the same way, and I'm willing to bet Snap is the exact same way.

Interesting, I'll take a look at that later :) - Thanks!

Oh definitely, that's already in the works, if not present.

Does anyone believe this will not be used to profile and track users? If you have to use ID to verify / validate against an app, how is that processed? Unless it's done offline in a secure enclave, the government / body will know you've uploaded the ID, and have all device identification, resulting in a large fingerprint. Once they know that, any site you visit can likewise be linked, resulting in the government knowing what you visit and what.

I've not against age verification, I'm against bad age verification. I've explained the idea a few times, but the short version, an online enclave downloads databases full of ID hashes, then disables any network connectivity, a full blackout. The offline enclave starts with a hard kill switch if any network connectivity is detected. The DBs will be transferred into the offline enclaves and the ID will be privately verified, with an age range stored. Then the ID and all DBs for this process are wiped, the enclaves are destroyed, and securely wiped, and network connectivity is restored.

Once that's done, you've verified your age, without handing over your paperwork, it's private, and accomplishes the same goal.

I wasn't talking about the network scope, or the user reach. The application is simple enough, so accounting for a few dozen IT / Network / Computer specialists (IT), which I put in my estimate, I'm still baffled by how they could have more than a few hundred employees. Running at scale is hard, that's fair, but, you don't need thousands of employees to do that. My guess is: They have a core IT team that does 99.5% of all the work that's a couple of dozen people, and a few hundred of extra "find the any key" level of IT JR employees.

How do they have that many? I think they just over hired and now need to rapidly cut head counts because what could that many people do? Assuming you have a dozen developers, maybe a dozen IT specialists, a dozen computer specialists outside IT, some management, and accessory staff, how do more than a few hundred people work at Snap?

Ignore AI, I want to know what those people do, 250 employees would sound like a lot, but 5250, would be 21x what sounds as a reasonable number. I'm always amazed by how many people can work at a company whose product is reasonably simple. My general guideline is that when a person hits 85% utilization, steady, you need to hire, and every person should have a backup if they're critical, but how are 5250 people working at 85%?

AI does not comment the generated code to a level I would consider proper. It can generate JR developer level comments, just like the classic meme, "This is a stop sign", which isn't useful.

The code might be the same as a SR developer, it might not, I've seen it generate brilliant code, and truly terrible code, it's a spectrum. If you're careful, and you review the code, and really understand it, there's no problem. The big issue is when people accept the generated code and move on without review.

Exactly, you need to read and analyze the code, and if you need to make sure it's accurate. There is no problem if you're careful, my issue is many people aren't careful, and just accept it.